ceph-admin ssh private key distribution could be more limited
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
John Fulton |
Bug Description
The distribution of the private key should be limited only to mons/mgrs within a ceph cluster. It should not be distributed to just any server within the ceph cluster, i.e. hosts in the osd group don't need the private key (having the public key in authorized_hosts is sufficient).
When ceph-admin-
[2] https:/
[3]
2021-04-23 17:40:08,434 p=830710 u=stack n=ansible | 2021-04-23 17:40:08.433870 | 24420180-
2021-04-23 17:40:09,171 p=830710 u=stack n=ansible | 2021-04-23 17:40:09.170774 | 24420180-
2021-04-23 17:40:09,183 p=830710 u=stack n=ansible | 2021-04-23 17:40:09.183393 | 24420180-
2021-04-23 17:40:09,208 p=830710 u=stack n=ansible | 2021-04-23 17:40:09.208432 | 24420180-
2021-04-23 17:40:09,231 p=830710 u=stack n=ansible | 2021-04-23 17:40:09.230506 | 24420180-
2021-04-23 17:40:09,242 p=830710 u=stack n=ansible | 2021-04-23 17:40:09.242402 | 24420180-
description: | updated |
Fix proposed to branch: master /review. opendev. org/c/openstack /tripleo- ansible/ +/791822
Review: https:/